Product Security Engineer - Specialist (SAST/DAST/SCA/Threat Modeling/Incident Response

  • Scope AT Limited
  • 03/03/2026
Contractor Information Technology Telecommunications

Job Description

Product Security Engineer - Specialist (SAST | DAST | SCA | Threat Modeling | Incident Response | DevSecOps | PCI-DSS) - Hybrid (London)

We are seeking an experienced Product Security Leader (PSL) to embed security across the full product life cycle - from secure design and development through deployment and production resilience.

This is a high-impact contract role ideal for a security professional who thrives at the intersection of engineering, security architecture, and incident response.

What You'll Own

  • Define and implement product security policies, standards, and tooling across the SDLC

  • Lead threat modelling initiatives (e.g., STRIDE, PASTA) for new and existing applications

  • Manage and prioritize the product vulnerability backlog, tracking SLAs, aging metrics, and remediation progress

  • Oversee findings from SAST, DAST, and SCA tools, ensuring effective triage and resolution

  • Coordinate and manage bug bounty submissions and remediation workflows

  • Conduct Root Cause Analysis (RCA) for security incidents and systemic vulnerabilities

  • Act as Incident Commander or Investigation Lead during security events

  • Facilitate tabletop exercises to strengthen incident readiness

  • Partner with CI/CD teams to embed security controls into pipelines

What You Bring

  • Deep expertise in:

    • Vulnerability Management

    • Secure SDLC practices

    • Security Architecture & Design

    • Threat Modeling

  • Strong background in:

    • Incident Response leadership

    • Root Cause Analysis

    • Bug Bounty program coordination

  • Experience implementing security tooling in CI/CD environments:

    • SAST

    • DAST

    • SCA

  • Experience working within regulated environments (e.g., PCI-DSS, SOC 2, GDPR)

  • Proven ability to drive cross-functional security initiatives with Engineering, Product, and Compliance teams

  • Excellent stakeholder management and communication skills

Preferred Technical Exposure

  • CI/CD platforms (e.g., GitHub Actions, GitLab CI, Jenkins)

  • Cloud platforms (AWS, Azure, or GCP)

  • Containerization & orchestration (Docker, Kubernetes)

  • Application security testing tools (e.g., Checkmarx, Veracode, Fortify, Burp Suite)

  • Vulnerability management platforms (e.g., Qualys, Tenable, Rapid7)

Ideal Profile

This role suits a senior-level Product Security professional who can operate strategically while remaining technically credible - someone comfortable influencing engineering teams, driving remediation priorities, and leading during high-pressure security incidents.